Skills
skills/posteyai/skills/postey/Gen Agent Trust Hub

postey

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/postey.js script utilizes child_process.spawnSync to execute local binaries including ffmpeg, ffprobe, yt-dlp, and whisper. These tools are used for essential media operations such as video trimming, thumbnail extraction, and audio transcription.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of video content from remote URLs using the yt-dlp utility, which is a common requirement for transcription and repurposing workflows.
  • [DATA_EXFILTRATION]: User-selected media files and post content are uploaded to the vendor's API at srvr.postey.ai. This is the intended behavior for a social media publishing tool.
  • [SAFE]: Secret management for API keys follows best practices by supporting environment variables (POSTEY_API_KEY) and project-specific configuration files. The setup command provides an interactive way to configure these, including an option to automatically update .gitignore to prevent credential exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 05:44 AM